Sitemap

Thursday, November 30, 2017

Audit in MS CRM

Auditing is supported on all
custom and most customizable entities and attributes

Auditing is not supported on
metadata changes, retrieve operations, export operations, or during
authentication

Supported for auditing

Audit of customizable entities

Audit of custom entities

Configure entities for audit

Configure attributes for audit

Privilege-based audit trail viewing

Privilege-based audit summary viewing

Audit log deletion for a partitioned SQL database

Audit log deletion for a non-partitioned SQL database

Microsoft Dynamics Dynamics 365 SDK programming
support

Audit of record create, update, and delete operations

Audit of relationships (1:N, N:N)

Audit of audit events

Audit of user access

Adherence to regulatory standards

Non supported for auditing

Audit of read operations

Audit of metadata changes

Audit of text blobs, notes, and attachments

You can enable or disable
auditing at the organization, entity, and attribute levels. If auditing is
not enabled at the organization level, auditing of entities and
attributes, even if it is enabled, does not occur. By default, auditing is
enabled on all auditable entity attributes, but is disabled at the entity
and organization level.

For Microsoft Dynamics 365
servers that use Microsoft SQL Server Enterprise editions, auditing data
is recorded over time (quarterly) in partitions. A partition is called an
audit log in the Microsoft Dynamics 365 web application. Partitions are
not supported, and therefore, not used, on a Microsoft Dynamics 365 server
that is running Microsoft SQL Server, Standard edition.

The ability to retrieve and
display the audit history is restricted to users who have certain security
privileges: View Audit History, and View Audit Summary. There are also
privileges specific to partitions: View Audit Partitions, and Delete Audit
Partitions. See the specific message request documentation for information
about the required privileges for each message.

Audited data changes are
stored in records of the audit entity.

Data that can be audited:

Create, update, and delete
operations on records.

Changes to the shared
privileges of a record.

N:N association or
disassociation of records.

Changes to security roles.

Audit changes at the entity,
attribute, and organization level. For example, enabling audit on an
entity.

Deletion of audit logs.

When (date/time) a user
accesses Microsoft Dynamics 365 data, for how long, and from what client.

Enabling or disabling of
field level security by setting the IsSecured attribute cannot be audited

For attribute auditing to
take place, auditing must be enabled at the attribute, entity, and
organization levels

A user must be assigned the
System Administrator or System Customizer role to enable or disable
auditing

when enabling auditing on an
entity, all of the entity’s attributes are enabled for auditing by
default. Of course you can explicitly disable auditing on any or all of
the attributes as needed

Fully Customizable entities:

Account

Campaign

CampaignActivity

CampaignResponse

Competitor

Connection

Contact

Contract

Email

Fax

Goal

Incident

Invoice

InvoiceDetail

Lead

Letter

List

Opportunity

OpportunityProduct

PhoneCall

Product

QueueItem

Quote

QuoteDetail

SalesLiterature

SalesOrder

SalesOrderDetail

ServiceAppointment

SystemUser

Task

Territory

Entities we cannnot audit:

ActivityPointer

Annotation

BulkOperation

Calendar

CalendarRule

CustomerOpportunityRole

Discount

DiscountType

IncidentResolution

KbArticle

KbArticleComment

KbArticleTemplate

Notification

OpportunityClose

OrderClose

ProductPriceLevel

QuoteClose

RecurrenceRule

Resource

ResourceGroup

ResourceGroupExpansion

ResourceSpec

SalesLiteratureItem

SalesProcessInstance

Service

Subject

Template

UoM

UoMSchedule

Workflow

WorkflowLog

If your Microsoft Dynamics
365 server uses Microsoft SQL Server standard edition, which does not
support the database partitioning feature, the DeleteAuditDataRequest
request deletes all audit records created up to the end date specified in
the EndDate property.

If your Microsoft Dynamics
365 server uses an Enterprise edition of Microsoft SQL Server that does
support partitioning, the DeleteAuditDataRequest request will delete all
audit data in those partitions where the end date is before the date
specified in the EndDate property. Any empty partitions are also deleted.
However, neither the current (active) partition nor the audit records in
that active partition can be deleted by using this request or any other
request.

New partitions are
automatically created by the Microsoft Dynamics 365 platform on a
quarterly basis each year. This functionality is non-configurable and
cannot be changed

Microsoft Dynamics 365
(online & on-premises) support the ability to audit user access. The
information that is recorded includes when the user started accessing
Microsoft Dynamics 365 and if access originated from the Microsoft
Dynamics 365 web application, Dynamics 365 for Outlook, or SDK calls to
the web services.

To enable or disable user
access auditing, you must retrieve the target organization’s record, and
update the Organization.IsUserAccessAuditEnabled attribute value for the
organization. Global auditing on the organization must also be enabled by
setting the Organization.IsAuditEnabled attribute to true in the
organization record. To audit the origin of user access, for example: web
application, Dynamics 365 for Outlook or SDK, you must enable auditing on
the entities being accessed.